Authentication vs Authorisation: Confirming users are who they say they are and assigning what users can do and access


For authentication and authorisation, logical access control can be mandatory, discretionary or role-based

Assurance vs Control

Proactive vs reactive approaches to putting good things in and taking bad things out of testing processes to assure and control testing quality